Friday, July 19, 2024

Attempted Access of Two Government Agencies’ Secrets by Russian Hackers Spying on Microsoft Executives

Microsoft Security Team Detects Nation-State Cyber Attack by Russian Hackers; Two US Government Departments Impacted

Microsoft Security Team recently announced the detection of a nation-state cyber attack by Russian hackers on the company’s corporate email systems. The hacking group, known as Midnight Blizzard, was identified by Microsoft Threat Intelligence, and it has now come to light that two US government departments were impacted by the breach.

According to a report by Bloomberg, the US Department of Veterans Affairs and an arm of the US State Department are among the growing list of Microsoft customers affected by the attack. The US Agency for Global Media confirmed that some of its data may have been stolen, and the State Department spokesperson stated that Microsoft is reaching out to affected and unaffected agencies in the spirit of transparency.

The Department of Veterans Affairs also confirmed that it was notified about being impacted by the breach in March. Microsoft disclosed the breach in January and attributed it to Midnight Blizzard. The hackers accessed corporate email accounts and attempted to exploit shared secrets between them and customers.

The report revealed that the hackers used stolen credentials to break into a test environment on the VA’s Microsoft Cloud account in January. The intrusion lasted only a second as it seems the hackers were verifying the validity of the credentials. The agency immediately changed the exposed credentials and login details to its Microsoft environments upon notification of the breach.

Microsoft has been proactive in notifying customers who may have corresponded with a compromised corporate email account. The company continues to investigate the breach and work closely with affected agencies to mitigate the impact of the cyber attack.

The breach highlights the ongoing threats posed by state-sponsored hacking groups and the importance of robust cybersecurity measures to protect sensitive data and systems.

Related Articles

Latest Articles

Most Popular